
feat: Add support for VPC flow log max_aggregation_interval (#431)

tags/v2.40.0
Ilia Lazebnik GitHub 5 months ago
parent
commit
36832ff015
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 19 additions and 9 deletions
  1. +4
    -3
      README.md
  2. +1
    -0
      examples/complete-vpc/main.tf
  3. +1
    -0
      examples/vpc-flow-logs/cloud-watch-logs.tf
  4. +6
    -0
      variables.tf
  5. +7
    -6
      vpc-flow-logs.tf

+ 4
- 3
README.md View File

@@ -224,14 +224,14 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway

| Name | Version |
|------|---------|
| terraform | ~> 0.12.6 |
| aws | ~> 2.53 |
| terraform | >= 0.12.6, < 0.14 |
| aws | ~> 2.57 |

## Providers

| Name | Version |
|------|---------|
| aws | ~> 2.53 |
| aws | ~> 2.57 |

## Inputs

@@ -460,6 +460,7 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
| flow\_log\_destination\_arn | The ARN of the CloudWatch log group or S3 bucket where VPC Flow Logs will be pushed. If this ARN is a S3 bucket the appropriate permissions need to be set on that bucket's policy. When create\_flow\_log\_cloudwatch\_log\_group is set to false this argument must be provided. | `string` | `""` | no |
| flow\_log\_destination\_type | Type of flow log destination. Can be s3 or cloud-watch-logs. | `string` | `"cloud-watch-logs"` | no |
| flow\_log\_log\_format | The fields to include in the flow log record, in the order in which they should appear. | `string` | `null` | no |
| flow\_log\_max\_aggregation\_interval | The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: `60` seconds or `600` seconds. | `number` | `600` | no |
| flow\_log\_traffic\_type | The type of traffic to capture. Valid values: ACCEPT, REJECT, ALL. | `string` | `"ALL"` | no |
| git\_codecommit\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Git Codecommit endpoint | `bool` | `false` | no |
| git\_codecommit\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Git Codecommit endpoint | `list` | `[]` | no |


+ 1
- 0
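--- a/examples/complete-vpc/main.tf
+++ b/examples/complete-vpc/main.tf
@@ -110,6 +110,7 @@ module "vpc" {
 enable_flow_log = true
 create_flow_log_cloudwatch_log_group = true
 create_flow_log_cloudwatch_iam_role = true
+flow_log_max_aggregation_interval = 60
 
 tags = {
 Owner = "user"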


+ 1
- 0
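--- a/examples/vpc-flow-logs/cloud-watch-logs.tf
+++ b/examples/vpc-flow-logs/cloud-watch-logs.tf
@@ -15,6 +15,7 @@ module "vpc_with_flow_logs_cloudwatch_logs_default" {
 enable_flow_log = true
 create_flow_log_cloudwatch_log_group = true
 create_flow_log_cloudwatch_iam_role = true
+flow_log_max_aggregation_interval = 60
 
 vpc_flow_log_tags = {
 Name = "vpc-flow-logs-cloudwatch-logs-default"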


+ 6
- 0
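--- a/variables.tf
+++ b/variables.tf
@@ -2318,3 +2318,9 @@ variable "flow_log_cloudwatch_log_group_kms_key_id" {
 type = string
 default = null
 }
+
+variable "flow_log_max_aggregation_interval" {
+description = "The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: `60` seconds or `600` seconds."
+type = number
+default = 600
+}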
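Review bot: Nothing in the new `flow_log_max_aggregation_interval` variable enforces the 60-or-600 constraint its description states, so a mistyped value such as `6000` passes `plan` and only fails at `apply` when the AWS API rejects the flow log. A `validation` block with `condition = contains([60, 600], var.flow_log_max_aggregation_interval)` and an `error_message` naming the two valid values would catch this at plan time. Custom variable validation is only generally available from Terraform 0.13 (experimental from 0.12.20), while the README in this commit still allows `>= 0.12.6`, so adding it means either raising the minimum version or documenting that invalid values surface at apply time. Either way, the description should say the value is in seconds rather than relying on the reader inferring it from the two examples.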

+ 7
- 6
vpc-flow-logs.tf View File

@@ -15,12 +15,13 @@ locals {
resource "aws_flow_log" "this" {
count = local.enable_flow_log ? 1 : 0

log_destination_type = var.flow_log_destination_type
log_destination = local.flow_log_destination_arn
log_format = var.flow_log_log_format
iam_role_arn = local.flow_log_iam_role_arn
traffic_type = var.flow_log_traffic_type
vpc_id = local.vpc_id
log_destination_type = var.flow_log_destination_type
log_destination = local.flow_log_destination_arn
log_format = var.flow_log_log_format
iam_role_arn = local.flow_log_iam_role_arn
traffic_type = var.flow_log_traffic_type
vpc_id = local.vpc_id
max_aggregation_interval = var.flow_log_max_aggregation_interval

tags = merge(var.tags, var.vpc_flow_log_tags)
}
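Review bot: The new `max_aggregation_interval` argument on `aws_flow_log.this` is only understood by AWS provider 2.57 and later, and while the README hunk in this commit moves the documented constraint from `~> 2.53` to `~> 2.57`, no `versions.tf` or other `required_providers` file appears in the diffstat. If the module declares a provider constraint in code, confirm it already requires `>= 2.57`; otherwise users pinned to an older provider get an "unsupported argument" error on this line. It would also help to add a comment here, `# Shorter intervals split long-lived flows into more records: finer detection granularity, higher CloudWatch Logs/S3 volume`, since both examples switch to the 60-second setting and the cost and volume trade-off is not obvious from the attribute name. The `locals` block named in the hunk header starts outside the hunk.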

